IN THE CLAIMS 
Please amend the claims as follows: 



1. (original) A method of generating a common secret between a 
first party and a second party, in which the first party holds a 
value pi and a symmetrical polynomial P(x,y) fixed in the first 
argument by the value pi, and the first party performs the steps of 
sending the value pi to the second party, receiving a value p2 from 
the second party and calculating the common secret Si by evaluating 
the polynomial P(pi, y) in p2, characterized in that the first party 
additionally holds a value qi and a symmetrical polynomial Q{x, z) 
fixed in the first argument by the value qi, and further performs 
the steps of sending qi to the second party, receiving a value q2 
from the second party and calculating the secret Si as 

Si=Q(qi, q2)-P{pi/ P2) . 

2. (original) The method of claim 1, in which the first party 
further performs the steps of obtaining a random number ri, 
calculating ri-qi, sending ri-qi to the second party, receiving r2-q2 
from the second party and calculating the secret Si as 

Si=Q(qi, ri-r2-q2)-P(pi/ P2) . 



N:\UserPublic\GR\NL\NL0201 92 prelim.doc 



2 



J 

3. (original) The method of claim 2, in which the first party 
holds the value qi multiplied by an arbitrarily chosen value r, and 
the product Q(qi, z)P(pi, y) instead of the individual polynomials 
P(pi# y) and Q(qi, z) , and the first party performs the steps of 
calculating ri- r-qi, sending ri-r-qi to the second party, receiving 
r2*r-q2 from the second party and calculating the secret Si as 
Si=Q{qi, ri-r2-r-q2) -PCpi, P2) - 

4. (original) The method of claim 1, in which the second party 
holds a value p2 and a value q2, the symmetrical polynomial P(x, y) 
fixed in the first argument by the value p2/ the symmetrical 
polynomial Q(x, z) fixed in the first argument by the value q2, and 
the second party performs the steps of sending q2 to the first 
party, receiving qi from the first party and calculating a secret S2 
as S2=Q(q2/ qi)'P(p2/ Pi) / whereby the common secret has been 
generated if the secret S2 equals the secret Si, 

5. (original) The method of claim 1, in which a trusted third 
party performs the steps of 

choosing a symmetric (n+1) x (n+1) matrix T, constructing the 
polynomial P using entries from the matrix T as respective 
coefficients of the polynomial P, constructing the polynomial 
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Q(x, y) , choosing the value pi, the value p2, the value qi and the 
value q2, sending the value pi, the value qi, the polynomial P(x, y) 
fixed in the first argument by the value pi and the polynomial Q(x, 
z) fixed in the first argument by the value qi to the first party, 
and sending the value p2, the value q2, the polynomial P(x, y) fixed 
in the first argument by the value p2 and the polynomial Q(x, z) 
fixed in the first argument by the value q2 to the second party 

6. (original) The method of claim 5, in which the trusted third 
party further arbitrarily chooses a value r, sends the value r-qi 
instead of the value qi and the product Q(qi, z)P{pi, y) instead of 
the individual polynomials P(pi, y) and Q(qi, z) to the first party 
and sends the value r-q2 instead of the value q2 and the product 
Q(q2, z)P{p2/ y) instead of the individual polynomials P(p2/ y) and 
Q{q2/ z) to the second party . 

7. (original) The method of claim 5, in which the trusted third 
party further performs the steps of 

choosing a set comprising m values pi, including the 
values pi and p2, 

calculating a space A from the tensor products p^®Pj of 

the Vandermonde vectors 5^ built from the set of values pi. 



N:\UserPublic\GR\NL\NL020 1 92 prelim.doc 



4 



choosing a vector fj and a vector ^2 ^^om the 
perpendicular space of the space A, constructing a matrix 

= T+ri from the vector and a matrix = T+r2 from the vector 

f 2 / constructing a polynomial P^i (x,y)using entries from the matrix 

Tp^ and sending the polynomial P^i(x,y) fixed in the first argument by 
the value pi to the first party, and 

constructing a polynomial P2(x,y)using entries from the 

matrix Tp^ and sending the polynomial P^2(x,y) fixed in the first 
argument by the value pa to the second party. 

8. (original) The method of claim 5, in which a number m' of 
values Pi, and < m, are distributed to additional parties. 

9. (original) The method of claim 1, in which the first party and 
the second party use a non- linear function on the generated secret 
SI and S2, respectively, before using it as a secret key in further 
communications . 

10. (original) The method of claim 9 in which a one-way hash 
function is applied to the generated secrets SI and 82. 
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11. (original) The method of claim 9 in which a non-linear 
function in the form of a polynomial is applied to the generated 
secrets SI and S2 . 

12. (original) The method of claim 1, further comprising the step 
of verifying that the second party knows the secret Si. 

13. (original) The method of claim 12, in which the first party 
subsequently applies a zero -knowledge protocol to verify that the 
second party knows the secret Si. 

14. (original) The method of claim 12, in which the first party 
subsequently applies a commitment -based protocol to verify that the 
second party knows the secret Si. 

15. (original) The method of claim 14, in which the second party 
uses a symmetric cipher to encrypt a random challenge, and sends 
the encrypted random challenge to the first party and the first 
party subsequently uses the same symmetric cipher as a commit 
function to commit himself to a decryption of the encrypted random 
challenge . 
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16. (currently amended) A system (100) comprising a first party 
(P) , a second party (V) and a trusted third party (TTP) , arranged 
to execute the method of any of the claimo Qbovc claim 1 . 

17. (original) A device (P) arranged to operate as the first 
party and/or as the second party in the system of claim 16. 

18. (original) The device of claim 17, comprising storage means 
(303) for storing the polynomial P and the polynomial Q in the form 
of their respective coefficients. 

19. (currently amended) A computer program product for causing 
one or more processors to execute the method of any of the claimo 
1 15 abovc claim 1 . 
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